Requesting certificates via Network Device Enrollment Service (NDES) fails with error message "The public key does not meet the minimum size required by the specified certificate template. 0x80094811 (-2146875375 CERTSRV_E_KEY_LENGTH)".

Assume the following scenario:

  • A network device enrollment service (NDES) is implemented in the network.
  • Requesting a certificate fails with the following error message:
"The public key does not meet the minimum size required by the specified certificate template. 0x80094811 (-2146875375 CERTSRV_E_KEY_LENGTH)"

Requesting certificates via Network Device Enrollment Service (NDES) fails with error message "The operation timed out 0x80072ee2 (WinHttp: 12002 ERROR_WINHTTP_TIMEOUT)".

Assume the following scenario:

  • A network device enrollment service (NDES) is implemented in the network.
  • Requesting a certificate fails with the following error message:
The operation timed out 0x80072ee2 (WinHttp: 12002 ERROR_WINHTTP_TIMEOUT)

The Network Device Enrollment Service (NDES) logs the error message "The Network Device Enrollment Service cannot be started (0x80004005). Unspecified error"

Assume the following scenario:

  • An NDES server is configured on the network.
  • When accessing the NDES application web page (mscep) and the NDES administration web page (certsrv/mscep_admin), HTTP error 500 (Internal Server Error) is reported with error code 0x80004005.
  • Events no. 2 and no. 8 are stored in the application event log:
The Network Device Enrollment Service cannot be started (0x80004005). Unspecified error

Overview of audit events generated by the Certification Authority

The following is an overview of the audit events generated by the certification authority in the Windows Event Viewer.

Unlike operational events, which are usually what is meant by "monitoring", auditing for the certification authority means configuring the logging of security-relevant events.


Overview of Windows events generated by the Certificate Enrollment Policy (CEP) service

The following is an overview of the events generated by the Certificate Enrollment Policy (CEP) service in the Windows Event Viewer.

The events of the Certificate Enrollment Policy (CEP) service are not officially documented. The following list was generated using the Windows Event Log Messages (WELM) tool.


Overview of Windows events generated by the Certificate Enrollment Web Service (CES)

The following is an overview of the events generated by the Certificate Enrollment Web Service (CES) in the Windows Event Viewer.

The events of the Certificate Enrollment Web Service are not officially documented. The following list was generated using the Windows Event Log Messages (WELM) tool.


Overview of Windows events generated by the Network Device Enrollment Service (NDES)

The following is an overview of the events generated by the Network Device Enrollment Service (NDES) in the Windows Event Viewer.

The events of the Network Device Enrollment Service are not officially documented. The following list was generated using the Windows Event Log Messages (WELM) tool.


Overview of Windows events generated by the online responder (OCSP)

The following is an overview of the events generated by the online responder (OCSP) in the Windows Event Viewer.

The events of the online responder are not officially documented. The following list was generated using the Windows Event Log Messages (WELM) tool.


Performance problems with auditing of "Start and stop Active Directory Certificate Services"

When configuring the auditing settings of a certificate authority, one is inclined to select the "Start and Stop Active Directory Certificate Services" option. However, this option may cause problems in some circumstances.


Perform a functional test for a certification authority

After installing a certification authority, after migrating to a new server, or after more extensive maintenance work, an extensive functional test should be performed to ensure that all components of the certification authority are working as desired.


The Network Device Enrollment Service (NDES) logs the error message "The Network Device Enrollment Service cannot be started (0x80070002). The system cannot find the file specified."

Assume the following scenario:

  • An NDES server is configured on the network.
  • HTTP error 500 (Internal Server Error) is reported when accessing the NDES application web page (mscep) and the NDES administration web page (certsrv/mscep_admin).
  • Event no. 2 is stored in the application event log:
The Network Device Enrollment Service cannot be started (0x80070002). The system cannot find the file specified.

The Network Device Enrollment Service (NDES) logs the error message "The Network Device Enrollment Service cannot retrieve one of its required certificates (0x80070057). The parameter is incorrect."

Assume the following scenario:

  • An NDES server is configured on the network.
  • HTTP error 500 (Internal Server Error) is reported when accessing the NDES application web page (mscep) and the NDES administration web page (certsrv/mscep_admin).
  • Events no. 2 and no. 10 are stored in the application event log:
The Network Device Enrollment Service cannot be started (0x80070057). The parameter is incorrect.
The Network Device Enrollment Service cannot retrieve one of its required certificates (0x80070057). The parameter is incorrect.

Domain Controller Certificate Templates and Smartcard Logon

In order for domain controllers to process smart card logins, they need certificates that provide this function.


The Network Device Enrollment Service (NDES) logs the error message "The Network Device Enrollment Service cannot create or modify the registry key Software\Microsoft\Cryptography\MSCEP\EncryptedPassword."

Assume the following scenario:

  • An NDES server is configured on the network.
  • The NDES server is configured to work with a static password.
  • When accessing the NDES administration web page (certsrv/mscep_admin), users are repeatedly prompted for authentication despite having correct credentials.
  • The following event is stored in the application event log:
The Network Device Enrollment Service cannot create or modify the registry key "Software\Microsoft\Cryptography\MSCEP\EncryptedPassword". Grant Read and Write permissions on the registry key "Software\Microsoft\Cryptography\MSCEP" to the account that the Network Device Enrollment Service is running as.